009850c02e08e2c76ce5db52c40b58a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

009850c02e08e2c76ce5db52c40b58a3_JaffaCakes118
Size

185KB
MD5

009850c02e08e2c76ce5db52c40b58a3
SHA1

0dba53806e27669eeae50876f548b5cea71f56a1
SHA256

29c475e699b0134a5887f4991cdae6008575ceb1d913b1815689a27eb90fcbb5
SHA512

d174a2fcc342cab1ebcb6ad3a0d3eb015353ff2897a8dae71d21faec056a13b06a55dcb4eb4d329896e0ed8cba5abba7d711dd426abb7c2985423aa290e40cba
SSDEEP

3072:+GHi025AsaW8TIm7EcobsEzN8qkPGUoiqeA3RcxAoPjSm5W0cy0:lioMm1EzFSHtA3RcxAqP5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009850c02e08e2c76ce5db52c40b58a3_JaffaCakes118

Files

009850c02e08e2c76ce5db52c40b58a3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f40e6a0f0360a162df405b8b6d30508d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_msl_.pdb

Imports

core_rl_libxml_

xmlCreateIntSubset
xmlLoadExternalEntity
xmlGetDocEntity
xmlGetParameterEntity
xmlAddDtdEntity
xmlAddDocEntity
xmlFree
xmlAddAttributeDecl
xmlSplitQName
xmlAddElementDecl
xmlAddNotationDecl
xmlStrdup
xmlNewDoc
xmlNewReference
xmlAddChild
xmlNewCharRef
xmlNewCDataBlock
xmlTextConcat
xmlGetLastChild
xmlFreeInputStream
xmlPopInput
xmlParseExternalSubset
xmlSwitchEncoding
xmlDetectCharEncoding
xmlPushInput
xmlMalloc
xmlNewDtd
xmlCleanupParser
xmlFreeParserCtxt
xmlParseChunk
xmlCreatePushParserCtxt
xmlSubstituteEntitiesDefault

core_rl_magick_

SetImageRegistry
DestroyImageInfo
ReadImage
CopyMagickString
CloneImageInfo
DestroyExceptionInfo
GetImageRegistry
AcquireExceptionInfo
FormatMagickString
GetPathAttributes
LogMagickEvent
DestroyString
CloneImage
AcquireImage
CloneDrawInfo
ThrowMagickException
ResizeQuantumMemory
DestroyImage
SetImageProperty
StripString
DeleteImageProperty
LocaleCompare
AcquireQuantumMemory
GetExceptionMessage
SetImageOption
ParseGeometry
QueryColorDatabase
CloneString
SetMagickResourceLimit
SetImageAlphaChannel
ParseMagickOption
UnregisterMagickInfo
WriteImage
TransparentPaintImage
BilevelImageChannel
TextureImage
SyncImage
SwirlImage
GetFirstImageInList
ReplaceImageInList
GetImageFromList
StereoImage
SteganoImage
SpreadImage
SolarizeImage
SignatureImage
ShearImage
ShaveImage
SharpenImage
ShadowImage
ShadeImage
GetPageGeometry
GetImageOption
ResetMagickMemory
TransformImageColorspace
SetImageClipMask
SetImageMask
SegmentImage
ScaleImage
SampleImage
ParseMetaGeometry
RollImage
ParseRegionGeometry
ResizeImage
DefaultResolution
ParseAbsoluteGeometry
ReduceNoiseImage
AppendImageToList
RaiseImage
FormatImageProperty
GetTypeMetrics
QuantizeImage
GetQuantizeInfo
GetNextImageProfile
ResetImageProfileIterator
DestroyStringInfo
GetStringInfoDatum
GetStringInfoLength
FileToStringInfo
IsPathAccessible
CloneStringInfo
GetImageProfile
ProfileImage
OpaquePaintImageChannel
OilPaintImage
NormalizeImageChannel
NegateImageChannel
ModulateImage
MinifyImage
MedianFilterImage
DestroyQuantizeInfo
RemapImages
AcquireQuantizeInfo
MagnifyImage
LevelImage
ImplodeImage
GetNextImageInList
CatchException
ConcatenateMagickString
GammaImageChannel
GammaImage
FrameImage
FlopImage
FlipImage
MergeImageLayers
EqualizeImage
EnhanceImage
EmbossImage
EdgeImage
DrawImage
DisplayImages
DespeckleImage
CycleColormapImage
CropImage
ContrastImage
CompositeImageChannel
ParseGravityGeometry
RotateImage
DestroyCacheView
SyncCacheViewAuthenticPixels
GetCacheViewAuthenticPixels
AcquireCacheView
SetImageOpacity
CompositeImage
SetImageType
GetOneVirtualPixel
SetImageArtifact
GetImageProperty
NewImageList
FloodfillPaintImage
GetOneVirtualMagickPixel
QueryMagickColor
ChopImage
CharcoalImage
ColorizeImage
BorderImage
SetGeometry
BlurImageChannel
AppendImages
DestroyDrawInfo
AnnotateImage
ParsePageGeometry
GetAffineMatrix
AddNoiseImageChannel
ParseChannelOption
InterpretImageProperties
SetGeometryInfo
GetExceptionInfo
RelinquishMagickMemory
ReadBlobString
AcquireMagickMemory
DestroyImageList
OpenBlob
ReferenceImage
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_vsnprintf
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_exit
_CIfmod
_CIcos
_CIsin
_CItan
__iob_func
fprintf
ceil
_errno
strtoul
strtol
_CIpow
strtod
_adjust_fdiv
tolower

kernel32

LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

RegisterMSLImage
UnregisterMSLImage

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f40e6a0f0360a162df405b8b6d30508d

Headers

File Characteristics

PDB Paths

Imports

core_rl_libxml_

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 876B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 876B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 8KB - Virtual size: 7KB